OpenSSH CHROOT newbie

I have set up a Suse 9.3 box that also runs a SFTP. My problem is finding a
solution to keep users within a home directory. I have read about the Chroot
plugin for SSH, but for the life of me I cannot figure out how to run and
install the dang thing.

Is there an alternative to this? Using some sort of file permissions or a
utility? Any help would be appreciated.



Re: OpenSSH CHROOT newbie


Ahh. I used to host the OpenSSH patches for this, but I changed workplace.
There are now patches at basically, you set up user
accounts with homedirs of "/home/username/./", and OpenSSH will try to
chroot all operations into wherever the "/./" is in the user's home
directory path. You then need to install a chroot cage in the "/./"
directory: This includes key components such as ./etc/passwd, ./etc/group,
and possibly ./etc/shadow and ./etc/gshadow depending on your setups, SSH
components, and the libraries to run the SSH binaries.

This is quite a lot of work: in general, I've suggested to people that they
instead install Apache with WebDAV over HTTPS to provide drag&drop, secure,
chrooted, remote file access for remote clients. You don't get the ability
to create symlinks or hard links in the user's directory, but you do get
easy read-only access for a separate account.


No problem, it's a common question.
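
The cage layout described in the reply above can be checked before a user is pointed at it. The following POSIX shell script is an added example, not part of the original thread and not the patch's own code; the split rule (chroot root is everything before the first "/./") and the function names `chroot_root`, `jail_home` and `audit_cage` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the chroot root is the part of
# the passwd home field before the first "/./"; the rest is the in-cage home.

# Print the chroot root of a "/./" home path; fail if there is no usable marker.
chroot_root() {
    case "$1" in
        */./*) r=${1%%/./*}; [ -n "$r" ] && printf '%s\n' "$r" ;;
        *)     return 1 ;;
    esac
}

# Print the home directory as seen from inside the cage.
jail_home() {
    rest=${1#*/./}
    printf '/%s\n' "${rest%/}"
}

# Check the cage for the files the reply lists. Returns 0 only if all are present.
audit_cage() {
    user=$1; home=$2; missing=0
    root=$(chroot_root "$home") || { echo "FAIL: no /./ marker in '$home'"; return 2; }
    for f in etc/passwd etc/group; do
        [ -f "$root/$f" ] || { echo "MISSING $root/$f"; missing=$((missing + 1)); }
    done
    # The account must resolve inside the cage, not only on the host.
    if [ -f "$root/etc/passwd" ] &&
       ! awk -F: -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$root/etc/passwd"; then
        echo "MISSING passwd entry for $user in cage"; missing=$((missing + 1))
    fi
    jh=$(jail_home "$home")
    [ -d "$root$jh" ] || { echo "MISSING in-cage home $root$jh"; missing=$((missing + 1)); }
    [ "$missing" -eq 0 ]
}

# Constructed sample: throwaway cage for a made-up user "alice".
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/cage/etc" "$d/cage/files"
    echo 'alice:x:1001:1001::/files:/bin/sh' > "$d/cage/etc/passwd"
    echo 'alice:x:1001:' > "$d/cage/etc/group"
    rc=0; audit_cage alice "$d/cage/./files" || rc=$?
    rm -rf "$d"; return "$rc"
}

# Usage: sh audit_cage.sh USER HOME   (no arguments: run the constructed demo)
if [ $# -eq 2 ]; then audit_cage "$1" "$2"; else demo; fi
```

The script does not check the SSH components or shared libraries the reply mentions, since those depend on which binaries are installed in the cage.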
